Example #1
0
// ClientFromPublishSettingsDataWithConfig unmarshalls the contents of a publish settings file
// from https://manage.windowsazure.com/publishsettings.
// If subscriptionID is left empty, the first subscription in the string is used.
func ClientFromPublishSettingsDataWithConfig(data []byte, subscriptionID string, config ClientConfig) (client Client, err error) {
	publishData := publishData{}
	if err = xml.Unmarshal(data, &publishData); err != nil {
		return client, err
	}

	for _, profile := range publishData.PublishProfiles {
		for _, sub := range profile.Subscriptions {
			if sub.ID == subscriptionID || subscriptionID == "" {
				base64Cert := sub.ManagementCertificate
				if base64Cert == "" {
					base64Cert = profile.ManagementCertificate
				}

				pfxData, err := base64.StdEncoding.DecodeString(base64Cert)
				if err != nil {
					return client, err
				}

				pems, err := pkcs12.ToPEM(pfxData, "")

				cert := []byte{}
				for _, b := range pems {
					cert = append(cert, pem.EncodeToMemory(b)...)
				}

				config.ManagementURL = sub.ServiceManagementURL
				return makeClient(sub.ID, cert, config)
			}
		}
	}

	return client, fmt.Errorf("could not find subscription '%s' in settings provided", subscriptionID)
}
Example #2
0
// Reload certificate
func (c *certificate) reload() error {
	keystoreBytes, err := ioutil.ReadFile(c.keystorePath)
	if err != nil {
		return err
	}

	pemBlocks, err := pkcs12.ToPEM(keystoreBytes, c.keystorePass)
	if err != nil {
		return err
	}

	var pemBytes []byte
	for _, block := range pemBlocks {
		pemBytes = append(pemBytes, pem.EncodeToMemory(block)...)
	}

	certAndKey, err := tls.X509KeyPair(pemBytes, pemBytes)
	if err != nil {
		return err
	}

	certAndKey.Leaf, err = x509.ParseCertificate(certAndKey.Certificate[0])
	if err != nil {
		return err
	}

	atomic.StorePointer(&c.cached, unsafe.Pointer(&certAndKey))
	return nil
}
Example #3
0
// parseKeystore takes a PKCS12 keystore and converts it into a series of
// serialized PEM blocks for certificates/private key. The keystore is expected
// to contain exactly one private key and one or more certificates.
func parseKeystore(data []byte, password string) (certs, key []byte, err error) {
	blocks, err := pkcs12.ToPEM(data, password)
	for _, block := range blocks {
		if strings.Contains(block.Type, "PRIVATE KEY") {
			if key != nil {
				return nil, nil, fmt.Errorf("invalid keystore: found multiple private keys in pkcs12 file")
			}
			key = pem.EncodeToMemory(block)
		} else if block.Type == "CERTIFICATE" {
			certs = append(certs, pem.EncodeToMemory(block)...)
			certs = append(certs, '\n')
		}
	}

	return
}
Example #4
0
func main() {

	b, e := ioutil.ReadFile("/home/figo/data/testCer/Certificates.p12")
	if e != nil {
		fmt.Println("@error:", e)
		return
	}
	blocks, err := pkcs12.ToPEM(b, "111")
	if err != nil {
		fmt.Println("@error:", err)
		return
	}
	var pemData []byte
	for _, b := range blocks {
		pemData = append(pemData, pem.EncodeToMemory(b)...)
	}
	cert, err := tls.X509KeyPair(pemData, pemData)
	if err != nil {
		panic(err)
	}

	fmt.Println("success @cert:", cert)
	buf := bytes.NewBufferString("")
	for _, b := range blocks {
		pem.Encode(buf, b)
	}
	log.Println("------------------")
	//	fmt.Println("-- cer buffer is -")
	//	fmt.Println("------------------")
	//	fmt.Println(buf.String())
	//	fmt.Println("------------------")
	block, _ := pem.Decode([]byte(buf.String()))
	if block == nil {
		log.Println("failed to parse certificate PEM")
	}
	c, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		log.Println("failed to parse certificate: " + err.Error())
	}
	log.Println("------------------")
	log.Println("@commonName:", c.Subject.CommonName)
	log.Println("------------------")
	print(c.Subject)
	log.Println("------------------")
	print(c.Issuer)
}
Example #5
0
// readCertsFromStream takes some input and converts it to PEM blocks.
func readCertsFromStream(reader io.Reader, filename string, format string, password func(string) string, callback func(*pem.Block)) error {
	headers := map[string]string{}
	if filename != "" && filename != os.Stdin.Name() {
		headers[fileHeader] = filename
	}

	switch format {
	case "PEM":
		scanner := pemScanner(reader)
		for scanner.Scan() {
			block, _ := pem.Decode(scanner.Bytes())
			block.Headers = mergeHeaders(block.Headers, headers)
			callback(block)
		}
	case "DER":
		data, err := ioutil.ReadAll(reader)
		if err != nil {
			return fmt.Errorf("error reading input: %s\n", err)
		}
		x509Certs, err := x509.ParseCertificates(data)
		if err == nil {
			for _, cert := range x509Certs {
				callback(EncodeX509ToPEM(cert, headers))
			}
			return nil
		}
		p7bBlocks, err := pkcs7.ParseSignedData(data)
		if err == nil {
			for _, block := range p7bBlocks {
				callback(pkcs7ToPem(block, headers))
			}
			return nil
		}
		return fmt.Errorf("error parsing certificates from DER data\n")
	case "PKCS12":
		data, err := ioutil.ReadAll(reader)
		if err != nil {
			return fmt.Errorf("error reading input: %s\n", err)
		}
		blocks, err := pkcs12.ToPEM(data, password(""))
		if err != nil || len(blocks) == 0 {
			return fmt.Errorf("keystore appears to be empty or password was incorrect\n")
		}
		for _, block := range blocks {
			block.Headers = mergeHeaders(block.Headers, headers)
			callback(block)
		}
	case "JCEKS":
		keyStore, err := jceks.LoadFromReader(reader, []byte(password("")))
		if err != nil {
			return fmt.Errorf("error parsing keystore: %s\n", err)
		}
		for _, alias := range keyStore.ListCerts() {
			cert, _ := keyStore.GetCert(alias)
			callback(EncodeX509ToPEM(cert, mergeHeaders(headers, map[string]string{nameHeader: alias})))
		}
		for _, alias := range keyStore.ListPrivateKeys() {
			key, certs, err := keyStore.GetPrivateKeyAndCerts(alias, []byte(password(alias)))
			if err != nil {
				return fmt.Errorf("error parsing keystore: %s\n", err)
			}
			block, err := keyToPem(key, mergeHeaders(headers, map[string]string{nameHeader: alias}))
			if err != nil {
				return fmt.Errorf("error reading key: %s\n", err)
			}
			callback(block)
			for _, cert := range certs {
				callback(EncodeX509ToPEM(cert, mergeHeaders(headers, map[string]string{nameHeader: alias})))
			}
		}
	}
	return fmt.Errorf("unknown file type: %s\n", format)
}